Privacy Policy Cookie Policy

Data processing policy Art. 13-14 Reg. UE n. 679/2016

Dear User,
The EU Regulation no. 679/2016 (GDPR) and Italian Legislative Decree 196/2003 (Privacy Code) provide for the rules for the protection of individuals with regard to the processing of personal data.
In compliance with this legislation, HON Consulting Srl intends to provide you with all the information on the processing of your personal data according to the principles of lawfulness, correctness and transparency, limitation of purposes and storage, data minimization, accuracy, integrity and confidentiality.

Who processes my personal data?

Data controller
HON Consulting Srl
Location: Via Lepanto, 23
59100, Prato (PO) - ITALY
P. IVA: 02203700972

Contact details
info@h-on.it

How we take care of your personal data
We are deeply committed to protecting the privacy and security of our customers and their personal data.
HON Consulting Srl has adopted internal rules and procedures to ensure the protection of personal data of customers, suppliers, potential users and other parties concerned.
We have appointed an internal contact person who works with the Management to manage issues, prepare our “privacy by design” services from scratch, prevent incidents and data breaches, and continually improve our data protection measures, also with the help of highly qualified external consultants.

1) Why are my personal data processed?

Personal data are processed in a limited and proportionate manner for the purposes set out below.
The data are mainly processed electronically. Appropriate security measures are put in place to prevent loss of data, illegal or incorrect use of data and unauthorized access.

Contacts, information, and website

Data processed Purposes
First and last name
Email 		The data are processed to respond to requests for information received by email or through the contact form of our website, and to respond to requests for contact from potential customers or for assistance from existing customers.
Legal basis Data storage time
Article 6(b) of the GDPR (execution of contract or pre-contractual measures requested by the data subject) The personal data provided will be kept only for the period necessary to respond to requests received or for the period of ten years if the data are provided in the context of a contractual relationship.
What happens if I refuse to provide my data? To whom will my data be communicated?
When data are processed for contractual or legal reasons, refusal to provide data prevents fulfilment of the contract.
When you are asked for consent to the processing of your data, you will not suffer any consequences in case of denied consent 		The data will not be communicated to third parties or disseminated.

Exercising rights of privacy

Data processed Purposes
First and last name
Contact details 		The processing of personal data is required to identify the applicant and, if required by law, evaluate the legitimacy to propose access.
Legal basis Data storage time
Article 6(c) of the GDPR (legal obligation).
The processing of data is based on obligations under the applicable law referred to in the application. 		The data will be kept for as long as necessary to evaluate the request and for the subsequent period for the purposes of conservation in the protocol of the Data Controller, according to the duration provided by law or necessary to safeguard the legitimate interest of the Data Controller (10 years).
What happens if I refuse to provide my data? To whom will my data be communicated?
In the case of refusal to provide personal data and if identification of the data subject is necessary to accept the request, the request cannot be accepted. Your data may be communicated to third parties, exclusively for technical and operational purposes strictly related to the purposes set out above and in particular to the following categories of subjects:
  • from/to public authorities and administrations for the purposes related to the fulfilment of legal obligations (e.g. Guarantor for the protection of personal data);
  • from/to subjects to whom the right to access personal data is recognized by law or secondary or community legislation, as well as by specific contracts and agreements duly signed;
  • to the consultants and freelancers used by the Data Controller, who will in any case be bound by professional secrecy.

Suppliers

Data processed Purposes
Master data
Contact details
Data relating to electronic invoicing, payments, contracts 		The data are processed to execute the contract or pre-contractual measures and, in particular, for the purposes of administration, billing and payments, as well as legal obligations to keep accounts.
Legal basis Data storage time
Article 6(b) of the GDPR (execution of the contract)
Article 6(c) of the GDPR (legal obligation) 		The personal data provided will be kept only for the period necessary to fulfil the obligations arising from the contract and for the subsequent period required by law for accounting purposes (e.g. 10 years) or for the purpose of retention in lieu of electronic invoices (20 years).
What happens if I refuse to provide my data? To whom will my data be communicated?
When data are processed for contractual or legal reasons, refusal to provide data prevents fulfilment of the contract. Your data will not be publicly disclosed.
The data will be communicated to third parties responsible for the processing of personal data, who have entered into an agreement pursuant to Art. 28 of the GDPR to provide consulting services or provide services that the Data Controller uses for the fulfilment of the contract.
For what other purposes can personal data be collected?
With regard to the personal data of customers, the data will be processed for purposes related to the management of ordinary contractual and commercial relationships and, specifically, for the purposes of keeping supplier accounts, invoicing and management of the creditor to fulfil all the obligations laid down in the current legislation.

Data made anonymous may be processed by HON Consulting Srl also for exclusively internal purposes of statistics and market research.

Receipt of CVs

Data processed Purposes
Recruitment and selection following receipt of spontaneous applications Selection of personnel
Legal basis Data storage time
Art. 6(b) of the GDPR – pre-contractual measures and execution of the contract and Art.111bis of Italian Legislative Decree 196/2003;
Art. 9(b) of the GDPR – obligations and rights of the holder in matters of labor law; 		Until the end of the selection process
What happens if I refuse to provide my data? To whom will my data be communicated?
If you submit your CV for evaluation but do not give your consent to the processing of your data, we will not be able to proceed with the selection process. Your data will not be publicly disclosed.
The data will be communicated to third parties responsible for the processing of personal data, who have entered into an agreement pursuant to Art. 28 of the GDPR to provide consulting services or provide services that the Data Controller uses for the fulfilment of the contract.
For what other purposes can personal data be collected?
📌 With regard to the personal data of customers, the data will be processed for purposes related to the management of ordinary contractual and commercial relationships and, specifically, for the purposes of keeping supplier accounts, invoicing and management of the creditor to fulfil all the obligations laid down in the current legislation.

📌 Data made anonymous may be processed by HON Consulting Srl also for exclusively internal purposes of statistics and market research.

2) Who will be able to process my personal data?

The personal data collected may be communicated to parties at HON Consulting Srl or external parties in order to fulfil legal or contractual obligations or for the purposes specified above.
Each data sheet provides specific information on the communication and dissemination of data. Below is general information on the processing methods adopted by HON consulting Srl.

Third-party recipients of the data
The data may be communicated to third parties, exclusively for technical and operational purposes strictly related to the purposes set out above and in particular to the following categories of subjects:
  • from/to Public Administrations for purposes related to the fulfilment of legal obligations.
  • from/to subjects to whom the right to access personal data is recognized by law or secondary or community legislation, as well as by specific contracts and agreements duly signed;
  • from/to banks, financial institutions, insurance companies or other subjects in order for our company to fulfil contractual/commercial obligations towards customers.
  • from/to subjects to whom the communication of personal data is necessary or is in any case required in order to fulfil existing contractual obligations.
Data processors
HON Consulting Srl may also communicate, for the pursuit of the aforementioned purposes, some personal data also to third parties who provide a service to the Data Controller, for example for the provision of technological services including, in particular, the email service, the provision of cloud infrastructure for the H-DOCS service, for substitute storage services, for the issuance of invoices on behalf of the Data Controller, for the provision of management software or in any case to meet all technical and operational needs strictly related to the exercise of contractual rights.

These subjects process personal data as data processors pursuant to and for the purposes referred to in Article 28 of the GDPR.
Dissemination of personal data
Personal data shall not be disseminated.
The cases in which the data will be disseminated are indicated in the individual sheets indicated in Section 1 of this document.

3) Where are my personal data processed?

The data will be processed mainly within the European Union.
We use Microsoft Office365 email and cloud services and the Microsoft Teams application for video conferencing and meetings. We use the services of Smartsupp.com, s.r.o. to manage the chat widget of our website.
These providers have stated that the data centers used are located within the territory of the European Union. Where there are transfers of personal data, the providers have committed their subcontractors to protect the data on the basis of the Standard Contractual Clauses signed.

What mechanism protects the transfer of my data outside the EU?
Service providers based outside the European Union will be appointed as data processors and the transfer of your personal data to these subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions of Chapter V of the GDPR.
In particular, where an adequacy decision is missing pursuant to Art. 45 of the GDPR, appropriate safeguards will be used pursuant to Art. 46 of the GDPR.

4) What are my rights?

Pursuant to articles 15-22 GDPR, the data subject has:

The right to access data Right to rectification
The data subject can obtain confirmation that the processing of personal data concerning them is in progress, and obtain more information on the processing, as well as a copy of the personal data. The data subject has the right to have data rectified if it is inaccurate or incomplete.
Right of erasure Right to restrict data processing
The data subject can request erasure in cases of law. The data subject may request that the processing be limited by opposing the erasure as it is necessary for the exercise or defense of a right in court, or in other cases provided for by law.
Right to data portability Right to object to the processing
The data subject has the right to receive the personal data provided in a structured format commonly used when they are processed in an automated manner on the basis of consent or a contract. The data subject can, for particular reasons, oppose the processing based on legitimate interest or in other cases of law.
When the processing is based on consent, the data subject has the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out until withdrawal has taken place.

How can I protect my rights?
You have the right to submit a complaint to the Italian Personal Data Protection Authority
Further information: https://bit.ly/2w1mcjS
You can ask for more information or exercise your rights by completing the contact form below or by sending an email to: info@h-on.it.

    Personal data of the applicant

    The data is mandatory to verify the identity of the applicant.

    Contact details for communications

    The applicant may provide contact details to receive communications. Failure to provide at least one of the following prevents the response from being sent.

    the undersigned, as the data subject,REQUESTS exercise of the following rights:*

    Policy on the use of Cookies

    This cookie policy integrates and completes the privacy notice.
    This site uses the cookies listed below for its operation.

    What are cookies?

    Cookies are text files containing minimal information sent to the browser and stored on your computer, mobile phone or other user device whenever you visit a website. With each link, the cookies refer the information to the reference site.
    Cookies can be permanent (persistent cookies) if they remain on your computer until you delete them, or temporary (session cookies) if they are deactivated when you close your browser. Cookies can also be first-party cookies if set by the visited site, or third-party cookies if placed by a site other than the visited one.
    Cookies can be "technical" if they are used for the functioning of the website or for third parties, to offer personalized content or integrate the functions of the website with those of third parties.

    How we use cookies

    This website uses cookies.

    This site installs technical cookies for its operation and third-party cookies to offer personalized content or for functionalities linked to third-party components.
    HON Consulting Srl uses cookies to improve the functionality of its site, to enable the user to move easily between pages, to remember the user’s preferences and to ensure that the user always has the best experience.
    In particular, we use cookies to collect analytical information such as the number of visitors to our website and the pages visited most frequently (we use this information for marketing purposes and for planning our investments) and to understand whether our customers and visitors readily adapt to the changes we make to our website from time to time.
    Cookies help us collect information on how our website is used, but they do not store information that can identify users. Cookies only store a unique session ID which helps to retrieve user profiles and their preferences the next time they visit our website.

    Manage cookie consent

    The law states that we can store cookies on your device if they are strictly necessary for this site to function. For all other types of cookies, we need your consent.
    You may oppose the processing of your personal data at any time by using the functions provided on this page, where you will find full information on the processing of your personal data by HON Consulting Srl.

    You can change or revoke your consent at any time with the following setting: Impostazioni dei cookie

    Which cookies our website installs

    In detail, the cookies installed by this website.